Subject: misc/3763: security doesn't check /etc/profile
To: None <>
From: Chris Jones <>
List: netbsd-bugs
Date: 06/18/1997 12:45:08
>Number:         3763
>Category:       misc
>Synopsis:       /etc/security doesn't check /etc/profile
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people (Misc Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 18 11:50:01 1997
>Originator:     Chris Jones
Chris Jones                          
           Mad scientist in training...
"Is this going to be a stand-up programming session, sir, or another bug hunt?"
>Release:        1.2
System: NetBSD 1.2G NetBSD 1.2G (CLYDESDALE) #2: Mon Jun 16 15:46:23 MDT 1997 i386

The /etc/security script, which checks umask values for root, checks
/etc/csh.login, /etc/csh.cshrc, /root/.login, and /root/.cshrc for the
C shell.  For the Bourne shell, however, it only checks
/root/.profile, when /etc/profile should also be checked.
--- etc/security.orig	Wed Jun 18 12:41:38 1997
+++ etc/security	Wed Jun 18 12:41:43 1997
@@ -178,7 +178,7 @@
 	cp /dev/null $OUTPUT
-	list="${rhome}/.profile"
+	list="/etc/profile ${rhome}/.profile"
 	for i in $list; do
 		if [ -f $i ] ; then
 			if egrep umask $i > /dev/null ; then